An approach to assessment modeling and system designing of risk management in EIP

Today, the Internet technology development and their applications have become increasingly popular. Hence, the WWW technology brings the rising of Enterprise Information Portal (EIP). However, providing a secure Enterprise Information Portal is one of essential quality of services (QoS) in Internet applications. Focusing on the security of EIP, the purposes of this paper are to find out various risk facets based on ISO 27001 reference standards and the ISMS process and also utilize AHP model to validate the factors of each risk facet. It will refine and validate required factors of each risk facet through experts specialized in designing and implementing a secure EIP system. Then, we will establish a risk management assessment model of EIP and design its algorithm. Finally, we develop an evaluation system and also perform experiments to verify and validate the risk management of EIP. According to the risk value, it will refine the risk level to verify and validate the security of EIP. According to the experimental result, our proposed assessment model and evaluation system of EIP risk management can be served as the guidelines of implementing any a secure Web application.